With the release candidate for iOS 26.5, shipped on May 4, Apple officially confirmed end-to-end encryption for RCS messages exchanged between iPhones and Android devices. The technical foundation is RCS Universal Profile 3.0, developed by the GSMA with Apple’s direct contribution, using the MLS (Messaging Layer Security) protocol as the cryptographic standard.
How it works on device
RCS E2E encryption is enabled by default. It can be turned off from Settings > Messages. Encrypted messages show a lock icon in the conversation view, similar to the existing treatment for iMessage.
For encryption to be active, both parties must use a carrier that supports RCS Universal Profile 3.0. If one side does not, the conversation falls back to unencrypted RCS or to SMS/MMS. This condition is determined by carrier infrastructure, not by the app or the operating system.
The feature ships as beta even in the final iOS 26.5 release: Apple does not consider it ready for a complete rollout. Progression toward general availability depends on how quickly carriers update their RCS infrastructure.
What changes with RCS Universal Profile 3.0
E2E encryption is the headline addition, but Profile 3.0 also standardizes several cross-platform behaviors that were previously inconsistent between iPhone and Android:
- editing and deleting already-sent messages;
- Tapback reactions across platforms;
- inline replies to specific messages within a thread.
These features operate at the protocol level. Carriers enable them by updating their RCS implementation to Profile 3.0; no app-side changes are required on either platform.
Impact for app developers
RCS E2E encryption is implemented at the system and carrier level, with no APIs exposed to third-party developers. There is nothing to integrate or modify in an app.
The relevant part is for teams building messaging or enterprise communication apps that are evaluating RCS as a channel: Profile 3.0 moves RCS closer to iMessage in terms of reliability for one-to-one conversations. The structural weak point remains, though: actual availability is still gated by carrier adoption, which varies by region and operator.
For apps that send notifications or business messages over SMS or RCS, no changes are required. The fallback to unencrypted SMS stays in place whenever the conditions for RCS E2E are not met.
When it arrives for users outside the US
It is not yet clear which carriers in Europe and other regions have updated their infrastructure to RCS Universal Profile 3.0. Availability of E2E encryption will follow that adoption, which Apple does not control. The concrete data will come from the carriers themselves, likely in the weeks following the iOS 26.5 public release.
The next thing to track is a list of carriers compatible with RCS Profile 3.0, which the GSMA and Apple may publish around the time of the public release.
